You Can't Make This Stuff Up!

Electronic Voting

Friday, July 16, 2004

Finally some good news about electronic voting. Reuters reports that Nevada will use voting machines that will leave a paper trail.

Nevada Secretary of State Dean Heller said he hoped his state would set an example by using touch-screen voting machines equipped with printers and avoid a repeat of the 2000 presidential election debacle.

The disputed 2000 election led many states to move from punch cards to electronic voting systems. But computer experts have warned that some of the systems are vulnerable to hacking, fraud and malfunctions.

[. . .]

Nevada's huge gambling industry relies on audit controls trusted by gamblers. The state's Gaming Control Board's Electronic Services Division, which is responsible for verifying the security of electronic gambling machines, has reviewed the new voting system and declared it secure.

I find it amusing that this voting system gets a seal of approval from Nevada's gaming industry.

Hopefully Sequoia Voting Systems receipt system will be better than the Diebold electronic voting machines purchased by many states.

Thursday, February 05, 2004

The Associated Press reports that the Pentagon has decided not to use an Internet voting system for overseas personnel this November. According to the AP, Pentagon officials were not certain they could "assure the legitimacy of votes that would be cast:"

Computer security experts who last month reviewed the Secure Electronic Registration and Voting Experiment, or SERVE, had urged the Pentagon to scrap the system, saying it was too vulnerable. The experts said the system could be penetrated by hackers who could change votes or gather information about users.

"Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect," the experts said in a statement Jan. 21. "Such tampering could alter election results, particularly in close contests."

Friday, January 30, 2004

Another report, this one for Maryland state legislators, makes it even more clear that we are on the verge of establishing a hackable election system. RABA Technologies conducted a mock election exercise and the results were anything but satisfactory.

The RABA team of eight experts was able to guess the hardcoded passwords to supervisor and voter smart cards. The RABA team was able to reset voter cards to allow multiple votes with the same card. All 32,000 statewide terminal locks are identical, and the team was able to pick one in less than 10 seconds. Picking the lock allowed physical access to the PCMCIA bay, which contains cards for the modem and the ballot definitions and results. These cards could be tampered with, destroyed or stolen. Attaching a keyboard to the terminals allowed resetting of all counters in the PCMCIA bay.

The server which accumulates tallies from local election boards also proved to be vulnerable. The server was missing over fifteen Microsoft security updates, and the team was able to use the flaws used by the "Blaster" worm. By using insecure USB ports or more secure CD drives, the team was able to modify results and databases “at will.”

You should read the report, it contains much greater detail about the flaws and recommended fixes.

The New York Times reports that "electronic voting machines from Diebold Inc. have computer security and physical security problems that might allow corrupt insiders or determined outsiders to disrupt or even steal an election."

According to the Times the report found these flaws:

Security experts found that the touch-screen voting machines all used the same key to two locks that protect them from tampering. With handheld computers and a little sleight of hand, they also found, the touch screens could be reprogrammed to make a vote for one candidate count for another, or results could be fouled so that a precinct's vote could not be used.

Communications between the terminals and the larger server computers that tabulate results from many precincts do not require that machines on either end of the line prove they are legitimate, which could let someone grab information that could be used to falsify whole precincts' worth of votes.

The group also found that the server computers did not have the latest protection against the security holes in the Microsoft operating systems, and were vulnerable to hacker attacks that would allow an outsider to change software.

Removable memory cards inside the machine can be tampered with if a lock is picked or if one of thousands of keys is stolen. If hackers find the phone number of the central computers used to compile vote totals, they could easily break into the system and tamper with results or introduce worms and viruses, said consultant Michael A. Wertheimer, a former National Security Agency analyst.

"You are more secure buying a book from Amazon than you are uploading your results to a Diebold server," said Wertheimer, recommending several changes to increase security.

The Times and Diebold focus on the point that if not hacked, the Diebold machines count votes correctly. Right, and if criminals stop breaking the law there would be no crime. The important point is that these machines are still vulnerable.

Diebold also emphasized the vulnerabilities could be addressed in a preliminary way in time for the state's primaries in March. According to the Times:

A spokesman for Diebold, which is based in North Canton, Ohio, emphasized the report's positive elements. "There is nothing that has not been, or can't be, mitigated" before the election, David Bear, the spokesman, said.

In a statement, Bob Urosevich, president of the Diebold election-systems unit, said that this report and another by the Science Applications International Corporation "confirm the accuracy and security of Maryland's voting procedures and our voting systems as they exist today."

Diebold just keeps on promising to fix these machines without getting it done. A report last July warned that these machines had flaws. The Times reports that the authors of the new study were surprised by extent the Diebold machines remain vulnerable:

The report's authors said they had expected a higher degree of security. "We were genuinely surprised at the basic level of the exploits" that allowed tampering, said Mr. Wertheimer, a former security expert for the National Security Agency.

The report supports the findings of a study released in July, by academic security experts at Johns Hopkins and Rice universities, that found Diebold software lacked the level of security needed to safeguard elections. Diebold stated that the code used by the researchers, which had been taken from a company Internet site and circulated online, was outdated. A subsequent report by Science Applications International found some similar problems.

Aviel D. Rubin, who led the Johns Hopkins effort, said, "If our report was unable to convince Maryland that the Diebold machines were vulnerable, then surely this work will set them straight."

The latest study found that some problems identified in the Hopkins study had not been corrected, and discussed other issues it found equally troubling.

It is simply unacceptable to implement a voting system that is vulnerable to manipulation. There must be absolute confidence in the results of elections as Bush v Gore made abundantly clear. These Diebold machines, and any other voting machines that are vulnerable manipulation, should not be allowed to be used in any elections until it is demonstrated that they are reliable and secure.

Maryland has spent more than $55 million for the Diebold machines. Georgia has chosen Diebold for elections statewide, and major counties in California, Ohio and Virginia have also chosen these machines.

The Washington Post reports that some Virginia counties had difficulties with the Diebold machines in November:

Problems have also surfaced in Virginia, where the machines were first used in several counties, including Fairfax, in November. On Election Day, many of the devices crashed in Fairfax, causing long lines. Some vote totals were not known until the next day because of glitches in the tallying software. State election officials conceded that the machines were certified without a comprehensive security or software review.

The Diebold electronic voting machines are not yet ready for prime time.